A fix is available
APAR status
Closed as program error.
Error description
When being probed by port scanning software, the following assertion errors may appear on the TCPIP console, followed by a loss of SSL connectivity. Non-secure telnet sessions work, but secured connections do not.

AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE          STMT AT ADDRESS IN MODULE
SKSSLCON           49 00D018E8   TCPSSL
DOSSLCONNECT       14 00DDACB4   SOCKREQ
DOBINDORCONNECT    14 00DDAE3E   SOCKREQ
SPROCESSPENDMSG    86 00DDD1E4   SOCKREQ
SockRequ          170 00E17C1C
Schedule         2082 00CD1F14
<MAIN-PROGRAM>     14 00C0C1FE   TCPIP
VSPASCAL              00E47DF2
Local fix
Problem summary
USERS AFFECTED: All users of the z/VM TCP/IP SSL (Secure Socket Layer) server that do dynamic SSL/TLS (Transport Layer Security)

PROBLEM DESCRIPTION:

RECOMMENDATION: APPLY PTF

When being probed by port scanning software, the following assertion errors may appear on the TCPIP console, followed by a loss of SSL connectivity. Non-secure telnet sessions work, but secured connections do not.

AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE          STMT AT ADDRESS IN MODULE
SKSSLCON           49 00D018E8   TCPSSL
DOSSLCONNECT       14 00DDACB4   SOCKREQ
DOBINDORCONNECT    14 00DDAE3E   SOCKREQ
SPROCESSPENDMSG    86 00DDD1E4   SOCKREQ
SockRequ          170 00E17C1C
Schedule         2082 00CD1F14
<MAIN-PROGRAM>     14 00C0C1FE   TCPIP
VSPASCAL              00E47DF2
Problem conclusion
In part TCPSSL PASCAL, both the SkSslAcc routine (which handles accept processing) and the SkSslCon routine (which handles connect processing) have been updated in order to better handle this error condition. The code will now detect that it has no pointer to the SSL TCB and will fail the connection attempt from the port scanner cleanly, rather than just put out an assertion error and continue on (which was eventually causing all future secure connection attempts to fail). With these updates, the code will also display one of two new error messages (documented below) to the TCPIP console log any time this error occurs.

The two new error messages will be documented in Chapter 19 (TCP/IP Server Messages), Section 19.2 (Numbered Messages) of the TCP/IP Messages and Codes manual (SRL GC24-6237-03) as follows:

DTCSSL055I SkSslAcc: TCB #1001 (AcceptTcb) has SslServ=nil, connection will be rejected

EXPLANATION: An error occurred while TCP/IP was trying to accept a secure connection (possibly due to the client abruptly terminating the connection during secure handshake processing).

SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP continues.

SYSTEM PROGRAMMER RESPONSE: None.

DTCSSL056E SkSslCon: TCB #1006 (SSL_OrigTcb) has SslServ=nil, connection will be rejected

EXPLANATION: An error occurred while TCP/IP was processing a secure connection attempt (possibly due to the client abruptly terminating the connection during secure handshake processing).

SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP continues.

SYSTEM PROGRAMMER RESPONSE: None.
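The console messages above can be used to tell an unpatched stack from a patched one when reviewing TCPIP console logs. The following is an added example, not IBM code: it assumes each console line is available as a bare string with no timestamp prefix, the function names are hypothetical, and the sample log is constructed from the message texts quoted in this APAR.

```python
import re

# Message IDs and the traceback layout come from the APAR text above; the
# assumption is that each console line is available as a bare string.
ASSERT_ID = "AMPX036I"
REJECT_IDS = ("DTCSSL055I", "DTCSSL056E")
TRACE_ROW = re.compile(r"^(\S+)\s+(\d+)\s+([0-9A-F]{8})\s+(\S+)$")  # routine stmt addr module
TCB_RE = re.compile(r"TCB #(\d+)")

def classify_console(lines):
    """Return (line_no, kind, detail) tuples for lines relevant to this APAR."""
    findings = []
    for i, line in enumerate(lines):
        if ASSERT_ID in line:
            # The first traceback row names the routine that raised the assertion.
            for follow in lines[i + 1:i + 5]:
                row = TRACE_ROW.match(follow.strip())
                if row:
                    if row.group(4) == "TCPSSL":
                        findings.append((i + 1, "unpatched-assert", row.group(1)))
                    break
            continue
        for msg_id in REJECT_IDS:
            if msg_id in line:
                tcb = TCB_RE.search(line)
                findings.append((i + 1, "rejected",
                                 f"{msg_id} TCB #{tcb.group(1) if tcb else '?'}"))
    return findings

def needs_ptf(findings):
    """True when the pre-fix assertion path was seen, after which SSL may stop working."""
    return any(kind == "unpatched-assert" for _, kind, _ in findings)

# Constructed sample: a log spanning the period before and after the PTF was applied.
SAMPLE = """\
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE          STMT AT ADDRESS IN MODULE
SKSSLCON           49 00D018E8   TCPSSL
DOSSLCONNECT       14 00DDACB4   SOCKREQ
DTCSSL055I SkSslAcc: TCB #1001 (AcceptTcb) has SslServ=nil, connection will be rejected
DTCSSL056E SkSslCon: TCB #1006 (SSL_OrigTcb) has SslServ=nil, connection will be rejected
""".splitlines()

if __name__ == "__main__":
    for finding in classify_console(SAMPLE):
        print(finding)
```

An "unpatched-assert" finding means the stack is still on the pre-fix code path and secure connections may already be failing; "rejected" findings indicate the fix is active and that aborted handshakes, such as those from port scans, are being dropped cleanly.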
Temporary fix
HIPER
Comments
APAR Information
APAR number
PM77039
Reported component name
TCP/IP V2 FOR V
Reported component ID
5735FAL00
Reported release
540
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2012-11-13
Closed date
2013-03-04
Last modified date
2015-01-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK92193 UK92194 UK92195
Modules/Macros
MSTCP TCPSSL
| GC24623703 |
Fix information
Fixed component name
TCP/IP V2 FOR V
Fixed component ID
5735FAL00
Applicable component levels
R540 PSY UK92193
UP13/03/06 P 1301
R610 PSY UK92194
UP13/03/06 I 1000
R620 PSY UK92195
UP13/03/06 P 1302
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
07 January 2015